Security you can verify, not just trust
This page explains exactly how vpn.now protects your traffic, your account, and our servers. We are clear about what is live today and what is still on the roadmap.
Live today
These protections are active for every vpn.now customer right now.
Strong encryption
Every tunnel uses ChaCha20-Poly1305, a modern, widely reviewed cipher. There is no weaker fallback mode. Our encryption guide explains it in plain language.
Keys you control
Your device private key is generated at download time and never stored on our servers. We keep only the public key. See how device credentials work.
Hardened servers
VPN servers run a minimal system image with no unnecessary services, automatic security updates, key-based SSH access only, and strict firewall rules. Health checks run around the clock.
Account security
Passwords are hashed with Argon2, a modern algorithm designed to resist cracking. Repeated failed logins lock the account temporarily. See our tips on securing your account.
Secure payments
Payments are handled by our payment provider over encrypted connections. Card numbers never touch vpn.now servers. We store only the payment records needed for billing and refunds.
Credential rotation
Every device credential can be revoked or rotated instantly from your dashboard. Revoked keys stop working right away across the whole network.
On the roadmap
We would rather tell you what is coming than pretend it already exists. Here is what we are building next.
DNS leak protection
Our configs already route DNS through the tunnel. We are building our own DNS resolvers and automatic leak testing so DNS requests can never slip outside the VPN. Until then, you can check yourself with our DNS leak guide.
Kill switch in native apps
Our planned native apps will include a kill switch that blocks all traffic if the VPN drops. Today, the official tunnel apps offer similar protection on some platforms, such as the on-demand option on iOS and always-on VPN on Android.
Two-factor authentication
2FA for vpn.now accounts using authenticator apps is in development. We will announce it on the blog when it ships. Until then, please use a strong, unique password for your account.
Reporting a vulnerability
If you find a security problem in vpn.now, we want to hear about it before anyone else does. Email [email protected] with the details and steps to reproduce.
We commit to:
- Acknowledging your report within 48 hours.
- Keeping you updated while we investigate and fix the issue.
- Crediting you publicly if you want, once the fix is released.
- Never taking legal action against good-faith security research.
Please give us reasonable time to fix issues before sharing them publicly, and never test against accounts or data that are not your own.
Privacy and security go together
Read exactly what data we keep, what we never collect, and how long anything is retained.
Read the transparency report